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CLAIMS: 



1 LA mobile system, comprising: 

2 a host chipset; 

3 a locator subsystem connected to the host chipset and arranged to determine a current 

4 location of the mobile system; and 

9 a main storage connected to the host chipset and arranged to store an operating system 

If (OS) and contain an OS-Present application and/or a Pre-OS application configured to enforce 

ifi security policies during user authentication, to access the locator subsystem and determine 

^ whether the mobile system may have been stolen or used inappropriately based on the security 

9 policies. 

2 2. The mobile system as claimed in claim 1, wherein said main storage comprises: 

2 a main memory arranged to store the operating system (OS), and the OS-Present 

3 application which is executed while the operating system (OS) is present; and 

4 a flash memory arranged to store the Pre-OS application which is executed during boot 

5 up before the operating system (OS) is loaded. 

1 3. The mobile system as claimed in claim 2, further comprising: 

2 a protected storage configured to support the Pre-OS application and the OS-Present 
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3 application and to store configuration data, the security policies, authentication data and other 

4 information obtained from the Pre-OS application and the OS-Present application. 

1 4. The mobile system as claimed in claim 3, further comprising: 

2 a first interface arranged to provide the Pre-OS application access to the protected 

3 storage; and 

4 a second interface arranged to provide the OS-Present application access to the protected 

CI storage. 

€1 

}£ 5. The mobile system as claimed in claim 3, wherein said protected storage is a non- 

4j volatile readable and writeable memory device. 

Q 

fy 6. The mobile system as claimed in claim 3, wherein said locator subsystem 

¥ corresponds to a radio-frequency (RF) based locator subsystem for determining the current 

3 location of the mobile system. 

1 7. The mobile system as claimed in claim 6 5 wherein said security policies for the 

2 Pre-OS application and the OS-Present application include a designated number of failed log-on 

3 attempts, an unauthorized change attempted on selected platform policies, an unauthorized use 

4 of monitored services, a designated time expiration based on a renewable certificate, or a lack of 

5 communication to a policy server or to a security token, and an unauthorized deletion of the 
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6 protected storage. 

1 8. The mobile system as claimed in claim 7, wherein said Pre-OS application 

2 corresponds to a system basic input/output start-up (BIOS) that is configured in accordance with 

3 Intel® Protected Access Architecture (IPAA) described in Application Interface Specification, 

4 Revision L0, and that is executed during boot up before the operating system (OS) is loaded. 

Cfj 9. The mobile system as claimed in claim 8, wherein said system BIOS is executed 

^ during boot up to check a Pre-OS security policy record, collect location based information from 

JJ the RF-based locator subsystem, determine if there is a violation of the security policies during 

^ user authentication and, if there is a violation of the security policies, make a decision that the 

CI mobile system may have been stolen or used inappropriately. 

Jf 10. The mobile system as claimed in claim 9, wherein said system BIOS is executed 

2 during boot up to further report the location of the mobile system to a proper authority, via an 

3 Internet or a RF-based wireless network. 

1 11. The mobile system as claimed in claim 7, wherein said OS-Present application is 

2 executed to obtain an OS security record, check location based information, determine if an 

3 action is required based on the security policies and, if an action is required, then report a 

4 violation to an OS readable location in the protected storage and/or an external event monitoring 
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facility. 

12. The mobile system as claimed in claim 11, wherein said RF-based locator 
subsystem corresponds to a Global Positioning System (GPS) receiver connected to the host 
chipset and arranged to contain an antenna complex for receiving the current location of the 
mobile system. 

13. The mobile system as claimed in claim 11, wherein said RF-based locator 
subsystem corresponds to a RF transmitter that is part of a stolen device recovery system to 
provide location based information and is activated upon an occurrence of a trigger event to 
broadcast a silent, coded radio signal to the stolen device recovery system, via a radio tower, for 
enabling the police to track and recover the stolen device. 

14. The mobile system as claimed in claim 1 1, wherein said RF-based locator 
subsystem corresponds to a Bluetooth™ transceiver that is part of a Bluetooth™ based security 
system including a central security server and a network of Bluetooth (voice/data) Access Points 
(BTAPs) installed in a designated area to provide security services for the mobile system, 
including asset control, remote monitoring and tracking of the mobile system, through the 
Internet or the RF-based wireless network. 

15. A mobile system comprising: 
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2 a host chipset; 

3 a RF-based locator subsystem connected to the host chipset and arranged to determine a 

4 current location of the mobile system; 

s a main memory connected to the host chipset and arranged to store an operating system 

6 (OS) and an OS-Present application executed while the operating system (OS) is present; and 

7 a flash memory connected to the host chipset and arranged to store a Pre-OS application 

8 executed during boot up before the operating system (OS) is loaded and configured to enforce 
0 security policies during user authentication, to access the RF-based locator subsystem and 

determine whether the mobile system may have been stolen or used inappropriately based on the 

jfs security policies. 

Q 16. The mobile system as claimed in claim 15, wherein said security policies include 

ffi 

If a designated number of failed log-on attempts, an unauthorized change attempted on selected 

rf platform policies, an unauthorized use of monitored services, a designated time expiration based 

4 on a renewable certificate, or a lack of communication to a policy server or to a security token, 

5 and an unauthorized deletion of the protected storage. 

1 17. The mobile system as claimed in claim 16, wherein said Pre-OS application 

2 corresponds to a system basic input/output start-up (BIOS) that is configured in accordance with 

3 Intel® Protected Access Architecture (IPAA) described in Application Interface Specification, 

4 Revision 1.0, and that is executed during boot up before the operating system (OS) is loaded. 
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18. The mobile system as claimed in claim 17, wherein said system BIOS is executed 
during boot up to check a Pre-OS security policy record, collect location based information from 
the RF-based locator subsystem, determine if there is a violation of the security policies during 
user authentication and, if there is a violation of the security policies, make a decision that the 
mobile system may have been stolen or used inappropriately. 

19. The mobile system as claimed in claim 18, wherein said system BIOS is executed 
during boot up to further report the current location of the mobile system to a proper authority, 
via an Internet or a RF-based wireless network. 

20. The mobile system as claimed in claim 15, wherein said OS-Present application is 
executed to obtain an OS security record, check location based information, determine if an 
action is required based on the security policies and, if an action is required, then report a 
violation to an OS readable location in the protected storage and/or an external event monitoring 
facility. 

21. The mobile system as claimed in claim 15, wherein said RF-based locator 
subsystem corresponds to a Global Positioning System (GPS) receiver connected to the host 
chipset and arranged to contain an antenna complex for receiving the current location of the 
mobile system. 
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22. The mobile system as claimed in claim 15, wherein said RF-based locator 
subsystem corresponds to a RF transmitter that is part of a stolen device recovery system to 
provide location based information and is activated upon an occurrence of a trigger event to 
broadcast a silent, coded radio signal to the stolen device recovery system, via a radio tower, for 
enabling the police to track and recover the stolen device. 

23. The mobile system as claimed in claim 15, wherein said RF-based locator 
subsystem corresponds to a Bluetooth™ transceiver that is part of a Bluetooth™ based security 
system including a central security server and a network of Bluetooth (voice/data) Access Points 
(BTAPs) installed in a designated area to provide security services for the mobile system, 
including asset control, remote monitoring and tracking of the mobile system, through the 
Internet or the RF-based wireless network. 

24. A computer readable medium having stored thereon a set of system basic 
input/output start-up "system BIOS" instructions configured in accordance with Intel® Protected 
Access Architecture (IPAA) which, when executed by a processor during start-up, cause the 
processor to perform: 

initializing and testing a system platform; 

checking a Pre-OS security policy record for an approved trigger mechanism; 
collecting location based information from the approved trigger mechanism; 
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determining if there is a violation of security policies during user authentication; and 
if there is a violation of the security policies, making a decision that the mobile system 
may have been stolen or used inappropriately. 

25. The computer readable medium as claimed in claim 24, wherein said system 
BIOS instructions further cause the processor to report the location based information indicating 
the current location of the mobile system to a proper authority, via an Internet or a RF-based 
wireless network, when there is a violation of the security policies. 

26. The computer readable medium as claimed in claim 24, wherein said security 
policies for the system BIOS instructions include a designated number of failed log-on attempts, 
an unauthorized change attempted on selected platform policies, an unauthorized use of 
monitored services, a designated time expiration based on a renewable certificate, or lack of 
communication to a policy server or to a security token, and an unauthorized deletion of a 
protected storage. 
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